I have came across a REPZ intruction in my routine and do know how it does, what it does. When I step across it, it loops for a set amount of times and fills the memory with some data.

How does it know where to get the data from to fill the memory with ? There is a call, a few lines above the REPZ instruction, could this be generating the data to fill the moemory with ?

Thanks

http://www.online.ee/~andre/i80386/Opcodes/

JS:

Thanks for that, but due to the fact that I am new to this, maybe you can explain in "newbie" terms

Cheers

If you want any chance if being able to read/understand the assembly code of your targets, you really have to at least be able to read an instruction reference. While I may agree that the document at the given link above is a little messy, here are some other good ones that you should be able to read:

http://protools.anticrack.de/docs.htm

and here are direct links to the latest Intel Instruction Reference documents, which are very good:

ftp://download.intel.com/design/Pentium4/manuals/25366614.pdf
ftp://download.intel.com/design/Pentium4/manuals/25366714.pdf

You really have to put down some effort yourself, and not just expect to have everything "explained in newbie terms" by other people.

dELTA:

Thanks for them links, but I'm still totaly lost. I have figured that the REPZ instruction seems to add bytes in to memory until ECX=0, but the bit I can't work out is where does it get these bytes from ?

ESI: Extended SOURCE Index
EDI: Extended DESTINATION index

That's why they exist.

actually, REPZ does nothing with memory and esi and edi. it is the prefixed instruction that does the job. like movsb/d scasb/d, lodsb/d (although a rep'ed lodsb/d is not very useful), etc.

Cheers naides, that's all I needed

lifewire:

What do you mean ?

Every time I step over REPZ it moves whatever is stored at the address in ESI into the address stored at EDI until ECX=0.

Hi ,

markh51, REPZ is a REPEAT instruction with condition ! It does nothing else than repeating the suffixed operation (REP is a prefix).

ex:

REPNE SCASB ; REPNE is a prefix / Scasb is the string operation

or

REPZ MOVSB

etc.

Also, REPZ is equal to REPE

REPZ: Repeat string instruction until condition is TRUE (ZF=1 for REPZ) and ECX != 0

Lifewire is right, REPZ is a prefix that repeats any isntruction until ECX becomes 0. But, in the context Mark was asking the question, it sounded like a REPZ MOVSD or REPZ MOVSB instruction, which are very common usage of the prefix. then, EDI and ESI do make sense. That was what I meant.

Which is why markh51 needs to spend some quality time reading and studying general assembly language guides, like those suggested by dELTA. Assembly language is the "view" language of most debuggers and if you don't know what you are looking at, you are not likely to be able to make much progress figuring out what is happening. Effort at learning IS required.

Regards,